Credit

Re: Credit

Thanks for the credit, i appreciate it. We will be back next year shooting for first! The scores were all really close and everyone did a great job. I can't wait till all of the data is posted to see how the other teams attempted the challenges. From what I've heard so far, there should be a lot of interesting information to be shared.

Re: Credit

I'm glad that you brought this up. I was part of the winning team and while standing up there it sounded like DT attributed the magnet defeat to us (accidental I'm sure). Also, I heard a rumor that you guys did something similar to the metal ball seal; any detail?

Anyway, that was an awesome defeat and video. Good job to WiK and hactar!

Re: Credit

The ball and metal stripe seal was a bit different, disciple will have more info on that one, or if dt releases our findings it is covered in great detail.

Next year I would like to make all our stuff 2a compliant(exploit a weekness in the device ) or reverse the lock so as it works when exploited... But as you guys know... That ain't easy. The more I sit here with the ball and metal stripe lock I'm starting to get more ideas on how we could have beaten.

I look forward to the show down :) bring that a game!

Re: Credit

Yeah that was the one to beat. They list it as tamper-proof, which is obviously absurd. I'm pretty sure we figured out the trick for next year. Well, ok maybe not, but we have solid ideas.

Kudos to all of the teams that finished. Next year we hope to give you a run for the money!

Re: Credit

I happened to be one of the lucky few to get an extra after we turned in our box. I am now able to lock and unlock it with a hook lockpick. TAMPER PROOF NOMORE!

Yes it is dooable. I will not share until next year's challenge. If the ball lock is not included in the challenge next year I will attempt a demonstration somewhere at some time with on camera to prove it can be done. We need to stop the companies from advertising that these locks are tamper resistant and tamper proof if they can be beaten so easlily. I have been bitten by the tamper evident bug... all your stuff are belong to us now. Shipping containers, drug bags, crash carts, airplane hangers, etc.. yeah these tags are used for way too much to have titles like this?

Re: Credit

So... if we defeated all of the current tamper evident/resistant stuff out there.... what do you think will be in the box next year???

On the white linen envelope, I exploited the weakness in the envelope and didn't even touch the "red" tape... I sliced open the exposed seam and superglued it back together... took about 30 seconds :-) Same with the wax sealed envelope... I sliced open the short-side of the envelope and used rubber cement to put it back together... That was actually my biggest WTF moment of this contest = we've been using wax seals for what? thousands of years? and I couldn't find any really good info on how to bypass one!!! That's just sad! Of course, I went back and attacked the wax seal just for shits and giggles (and extra points). I found that freezing it made it come off the paper easier, BUT made it a little more brittle...used a butter knife to cut it from the paper, steamed open the lick-n-seal flap, then re-attached the wax with rubber cement - THEN heated it slightly around the edges to hide any glue/errors...

Kudos to DT and everyone who helped with this contest! It was so much fun!

Re: Credit

Man, I gutted that poor metal ball seal so bad. I literally just twisted up all the spring-locks inside of it and then pulled them out. I spent a long time trying to unlock it, but I couldn't. Now that I have a few spares, I am going to examine them a bit more thoroughly to see how to bypass it.

One thing that I did (which I think I posted about before) which actually helped was I used google's patent search to find the patents for a whole bunch of these guys. This helped because the patents all show the inner workings. I just couldn't find one for that ball seal lock.

Re: Credit

We did something similar; I had a spare ball seal and Dremel'd, pushed out, repeat until there was enough space for the real ribbon. Then destroyed the real ball without hurting the ribbon and combined the two pieces. We bought a lot of ULine's product line and played with it before con. We focused on the mechanical seals and ended up having the most trouble with the simple stuff like envelopes and decals.

Re: Credit

Hi guys, just wanted to write that I know Kive put your team names on the power point but congrats again to Wik for a solution that was simply elegant. Also thanks to all of you for making this an amazing 1st year contest that really brought so much attention to the state of this stuff. I can't wait to see what you guys pull off next year. I'm think we might be giving demos of a some of your solutions next year at the booth. Also, on the Metal Truck Seals (H-542R) that Unline claims to be "tamper proof" seem to be a very old design. Someone came up to the booth saying they used to be given them by the forestry service in the 60's as a permit when cutting down their own xmas tree.

Re: Credit

Hi folks,

First of all, I want to thank all of you for competing in the first Tamper-Evident Contest. We had an astoundingly diverse crowd competing, and I think we all had a stellar time -- judges and contestants both. Not to step on his toes, but The Dark Tangent and I were very pleased to see the results, and we're really looking forward to next year! You folks were really incredible, and I'm just happy as hell to have such an awesome group of participants and crew for a first-year contest.

Secondly, I think we all "discovered" that the tamper-evident/tamper-proof industry might have some weaknesses. I'm looking forward to when The Dark Tangent calls our suppliers and relays our results, just as I'm looking forward to talking to my day-job's physical security folks about the same things. Kinda neat when your work actually results in changing an industry, I hope.

Next, I want to say that I absolutely could -not- have done this without:

- Dark Tangent
- Nikita
- Stits
- Thorn

You folks were pure awesomeness. Just sayin.

I also appreciated all of the work that Tiphareth (Tip), Pi, and the UAT students put in in terms of manning the table. Every one of you rocks, and I -really- appreciate you being there.

Here are the final standings (points then team):

51: Motherfucking Professionals
47: Team Obsinisize
42: Team Hactar
29: Have you seen my Box?
24: aurora/expo/facon12
20: WTF_Team 2
1: I-Hacked Crew

Everyone else scored negative, mostly from not turning everything back in, from not documenting what they did (that's the real goal here, aside from having fun, right?), or from not attempting things (you lose more points by not trying than failing). L0st gets out of a hazing since his box was stolen as some team of his thought it was part of the Mystery Challenge.

We'll be posting more up about specific defeats and the general insecurity of tamper-evident and tamper-proof devices in the near future, but...

Team Hactar: For the record, you guys did the hard drive magnet defeat -- and you did excellently with that. I actually thought I mentioned you twice in the closing ceremony -- and your astounding success was why Dark Tangent actually asked for me to play that video. It's possible me being the deer in headlights caused me to not mention you, and while I find it unlikely, if that was the case, I sincerely and wholeheartedly apologize -- seriously; you guys deserve credit for that one.

[IF that turns out to be the case, I will allow you, as a team, to find two times throughout DC weekend in which I will proclaim my wish for forgiveness from Team Hactar (at any place on the strip at which I don't plan on playing poker. ;) )]

I also want to call out props to two teams:

- Motherfucking Professionals: If you guys were boy scouts, you would have won a merit badge. That or stolen the entire case with an Arduino-powered acid-solution of some sort.

- Have You Seen My Box?: You guys get points for limiting yourselves to the tools you can find in a hotel room or get the housekeeper to bring to you. Stealthy ninjas you may become. I give you personal kudos points for restricting yourselves.

Here's the actual slides from my "Notable Hacks" slide:

Team Hactar vs. S-15562 Colored Cable Seals
Repurposing hard drive magnets to reuse tamper-resistant locks

Motherfucking Professionals vs. Padlock Seals
Arduino providing power to cut wire in HcL/salt water solution

Here's some tips, since I skipped the slide on "Tricks":

Watch the Forums - Many Components Announced Months Early
Document Early - Lots of Teams Lost Points for Poor Documentation
Be Ready for Variety
Team Up - Individuals Didn’t Turn In

We're already talking about next year, but here's what I can tell you right now:

- Next year, it will be tougher.
- Next year, there will most likely be varying difficulties.
- This year was easy-medium stuff. I would suggest that you be prepared for what you saw, but I wouldn't count on seeing the same thing twice.

I welcome comments from all teams and contestants and onlookers -- e-mail me at my username @ that same username dot me.

Thanks again for a great time,

-Kive

Re: Credit

My funniest moment with regards to this contest had to be the network administrator of one of the represented companies vendors' saying, "Oh damn...." when we were doing a little show and tell on Day 2 (Saturday). He declined to provide his business card.

-kive

Re: Credit

WiK, as mentioned below, if you guys weren't mentioned -- that's my bad. Pretty sure I mentioned Team Hactar twice in my closing speech, though. Waiting for those DVD's to arrive now. ;)

-kive

Re: Credit

I had a lot of fun doing this. One of the few contests that really interest me, and doesn't require contestants to devote the entire con to.

kive and org. crew --
Looking forward to see what you guys come up with for those bags gave you
Also, any word on like a mailing list or something? Don't know what the activity on the forums is like, but I can say that I'm really not prone to keeping up outside of the weeks before and after DC, so a mailing list sounds like a great idea to me :-p

jk / datagram --
Didn't run into ya later in the con to get some of those seals from ya.
Still interested in setting up the trade dealio? Brilliant idea we should actually follow through with.


Total fucking success with this contest.

Re: Credit


Kiv,

You did mention us twice (if i remember correctly). I just think the team captain (hexjunkie) wanted to give me personally the credit for this particular hack. Perhaps because I've never seen the lock before and within two seconds of looking at it for the very first time (after just arriving to the room) I was able to deduce, then open the lock successfully before they were able to finish trying to tell me about it.

It felt good to see it in closing, and hear everyone cheer. That was a great con moment for me. Thanks